php计数器增量错误
[英]php counter increment error
问题描述
As i am trying to increment the counter to plus 1 every time when the user clicks on the image. 
每当用户点击图像时我正试图将计数器增加到加1。 I have written the following code but it says some error "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\\xampp\\htdocs\\tkboom\\includes\\core.php on line 72". 我写了下面的代码但它说了一些错误“警告:mysql_fetch_array()期望参数1是资源,布尔值在第72行的C:\\ xampp \\ htdocs \\ tkboom \\ includes \\ core.php”中给出。 Can anyone look into this where i made a mistake.. 任何人都可以看到我犯了错误的地方..
Actually i have created 2 php files one for incrementing the counter and one for displaying the counter. 实际上我创建了2个php文件,一个用于递增计数器,另一个用于显示计数器。 In core.php file i have written the function and for displaying the count i have created a file called view.php 在core.php文件中,我编写了函数,并且为了显示计数,我创建了一个名为view.php的文件
core.php
function GenerateCount($id, $playCount) {
global $setting;
$counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
$counter_res = mysql_query($counter_query);
while($counter_row = mysql_fetch_array($counter_res)){
$counter = $counter_row['hits'] + 1;
$update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
$playCount = mysql_query($update_counter_query);
$playCount = $row['hits'];
}
return $playCount;
// Get count END
}
view.php
<?php
$sql = mysql_query("SELECT * FROM ava_games WHERE published=1 ORDER BY id desc LIMIT 30");
while($row = mysql_fetch_array($sql)) {
$url = GameUrl($row['id'], $row['seo_url'], $row['category_id']);
$name = shortenStr($row['name'], $template['module_max_chars']);
$playRt = GenerateRating($row['rating'], $row['homepage']);
$playCt = GenerateCount($row['id'], $row['hits']);
if ($setting['module_thumbs'] == 1) {
$image_url = GameImageUrl($row['image'], $row['import'], $row['url']);
$image = '<div class="homepage_game"><div class="home_game_image"><a href="'.$url.'"><img src="'.$image_url.'" width= 180 height= 135/></a></div><div class="home_game_info"><div class="home_game_head"><a href="'.$url.'">'.$name.'</a></div></div><div class="home_game_options"><img class="home_game_options_icon" src="'.$setting['site_url'].'/templates/hightek/images/joystick-icon.png" /> '.$playRt.' <b>|</b> '.$playCt.' plays </div></div>';
echo $image;
}
}
?>
5 个解决方案
解决方案1
4 已采纳 2012-01-04 10:42:11
That most likely means that there's an error in the sql statement. 这很可能意味着sql语句中存在错误。 You can get more information about the error via mysql_error() . 您可以通过mysql_error()获取有关错误的更多信息。
In its simplest form: 最简单的形式:
$counter_res = mysql_query($counter_query) or die(mysql_error());
(edit: ...simplest form, but with this approach you don't give the application a chance to react to the problem, "die" as in "dead". And mysql_error() can leak too much information to a user of your webservice/website, see https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling ) (编辑:...最简单的形式,但是使用这种方法你不会给应用程序一个机会对问题作出反应,“死”就像“死”一样。而mysql_error()可能会泄漏太多信息给用户您的网络服务/网站,请参阅https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling )
Your code is also prone to 您的代码也很容易
- sql injections , because the $_GET parameter is put into the statement without sanitizing it first sql注入 ,因为$ _GET参数被放入语句而不首先清理它
- race conditions because you have a compound operation consisting of one SELECT and one UPDATE without any locking mechanism. 竞争条件,因为您有一个复合操作,由一个SELECT和一个UPDATE组成,没有任何锁定机制。
解决方案2
1 2012-01-04 10:45:02
This is because you get the error in your SQL query. 这是因为您在SQL查询中收到错误。
I'd change it a little bit: 我会稍微改变一下:
$counter_query = 'SELECT hits FROM ava_games WHERE id = ' . (int)$_GET['id'];
to make sure you always compare id against integer value. 确保始终将id与整数值进行比较。
解决方案3
1 2012-01-04 10:45:55
After all, this query does not look good. 毕竟,这个查询看起来不太好。 First point: why are you using two queries to increment a value? 第一点:为什么使用两个查询来增加值? UPDATE ava_games SET hits=hits+1 WHERE id=".$_GET['id']."" should do this in one step. Second point: have you heard about SQL injections? Escape or cast $_GET['id'] to avoid surprises ;) UPDATE ava_games SET hits=hits+1 WHERE id=".$_GET['id'].""应该一步完成。第二点:你听说过SQL注入吗?逃脱或者施放$_GET['id']避免意外;)
解决方案4
0 2012-01-04 10:42:02
If mysql_query returns a Boolean, your query failed. 如果mysql_query返回布尔值,则查询失败。
Presuming id is the primary key, you can use the following function to update on a database level which will prevent race conditions: 假定id是主键,您可以使用以下函数在数据库级别更新,这将阻止竞争条件:
function GenerateCount($playCount) {
global $setting;
$update_counter_query = "UPDATE ava_games SET hits=hits + 1 WHERE id=".intval($_GET['id'])."";
mysql_query($update_counter_query) or die(mysql_error());
$counter_query = "SELECT hits FROM ava_games WHERE id=".intval($_GET['id'])." LIMIT 1";
list($playCount) = mysql_fetch_row(mysql_query($counter_query));
return $playCount;
// Get count END
}
also note the intval() around the $_GET variable to prevent SQL injection 还要注意$_GET变量周围的intval()以防止SQL注入
解决方案5
0 2012-01-04 10:46:43
Convert the value in int first like that: 首先转换int中的值,如下所示:
function GenerateCount($playCount) {
global $setting;
$counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
$counter_res = mysql_query($counter_query);
while($counter_row = mysql_fetch_array($counter_res)){
$counter = intval($counter_row['hits']) + 1;
$update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
$playCount = mysql_query($update_counter_query);
$playCount = $row['hits'];
}
return $playCount;
// Get count END
}
and check link: 并检查链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.